← Back to Skills Marketplace
kai-tw

Notion 2025 API Skill

by kai-tw · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
307
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install notion-2025-api
Description
Query, create, and manage Notion databases and pages using the 2025-09-03 API format. Use when: (1) querying or filtering database entries via data_source_id...
README (SKILL.md)

Notion 2025 API Skill

This skill provides utilities for working with Notion databases and pages using the 2025-09-03 API format, which separates database_id (for creating pages) from data_source_id (for querying entries).

Quick Reference

Key Difference (2025-09-03):

  • database_id → Use when creating NEW pages in a database
  • data_source_id → Use when QUERYING existing entries in a database

Common Operations

1. Query a Database

NOTION_KEY=$(cat ~/.openclaw/workspace/secrets/notion_api_key.txt)
DATA_SOURCE_ID="YOUR_DATA_SOURCE_ID"

curl -s -X POST "https://api.notion.com/v1/data_sources/$DATA_SOURCE_ID/query" \
  -H "Authorization: Bearer $NOTION_KEY" \
  -H "Notion-Version: 2025-09-03" \
  -H "Content-Type: application/json" \
  -d '{
    "filter": {"property": "Status", "select": {"equals": "Active"}},
    "sorts": [{"property": "Last Updated", "direction": "descending"}]
  }' | jq '.results[]'

2. Create a Database Entry

curl -s -X POST "https://api.notion.com/v1/pages" \
  -H "Authorization: Bearer $NOTION_KEY" \
  -H "Notion-Version: 2025-09-03" \
  -H "Content-Type: application/json" \
  -d '{
    "parent": {"database_id": "YOUR_DATABASE_ID"},
    "properties": {
      "Name": {"title": [{"text": {"content": "Entry Name"}}]},
      "Status": {"select": {"name": "Active"}},
      "Count": {"number": 42}
    }
  }' | jq '.id'

3. Update a Page

ENTRY_ID="YOUR_ENTRY_ID"

curl -s -X PATCH "https://api.notion.com/v1/pages/$ENTRY_ID" \
  -H "Authorization: Bearer $NOTION_KEY" \
  -H "Notion-Version: 2025-09-03" \
  -H "Content-Type: application/json" \
  -d '{
    "properties": {
      "Status": {"select": {"name": "Complete"}},
      "Description": {"rich_text": [{"text": {"content": "Updated content"}}]}
    }
  }' | jq '.properties'

4. Add Content Blocks to a Page

PAGE_ID="YOUR_PAGE_ID"

curl -s -X PATCH "https://api.notion.com/v1/blocks/$PAGE_ID/children" \
  -H "Authorization: Bearer $NOTION_KEY" \
  -H "Notion-Version: 2025-09-03" \
  -H "Content-Type: application/json" \
  -d '{
    "children": [
      {
        "object": "block",
        "type": "heading_2",
        "heading_2": {"rich_text": [{"text": {"content": "Section Title"}}]}
      },
      {
        "object": "block",
        "type": "paragraph",
        "paragraph": {"rich_text": [{"text": {"content": "Paragraph content"}}]}
      }
    ]
  }' | jq '.object'

Property Types (2025-09-03)

When updating or creating entries, use these property formats:

Type Format Example
Title {"title": [{"text": {"content": "..."}}]} {"title": [{"text": {"content": "My Title"}}]}
Rich Text {"rich_text": [{"text": {"content": "..."}}]} {"rich_text": [{"text": {"content": "Body text"}}]}
Select {"select": {"name": "Option"}} {"select": {"name": "Active"}}
Number {"number": VALUE} {"number": 42}
Date {"date": {"start": "YYYY-MM-DD"}} {"date": {"start": "2026-03-03"}}
Checkbox {"checkbox": true/false} {"checkbox": true}
URL {"url": "https://..."} {"url": "https://example.com"}
Status {"status": {"name": "..."}} {"status": {"name": "Active"}}

Filter Syntax (for queries)

{
  "filter": {
    "and": [
      {"property": "Status", "select": {"equals": "Active"}},
      {"property": "Count", "number": {"greater_than": 5}}
    ]
  }
}

Common filters:

  • {"select": {"equals": "Value"}}
  • {"number": {"greater_than": N}}
  • {"date": {"on_or_after": "2026-01-01"}}
  • {"rich_text": {"contains": "keyword"}}

Bundled References

Setup

  1. Create integration at https://notion.so/my-integrations
  2. Copy API key
  3. Store in ~/.openclaw/workspace/secrets/notion_api_key.txt
  4. Share target Notion pages/databases with your integration (Invite → select integration)

Security & Safety

Credentials

  • API Key Storage: Stored in ~/.openclaw/workspace/secrets/notion_api_key.txt
  • Scope: Notion API access only (limited to Notion endpoints)
  • No Elevation: This skill does not request elevated permissions
  • Key Rotation: If key is compromised, revoke at https://notion.so/my-integrations

Input Validation ⚠️

IMPORTANT: The helper script uses JSON string concatenation. Only use with:

  • Trusted input (your own data)
  • IDs from Notion (database_id, page_id, data_source_id)
  • Known property names from your Notion schema

DO NOT pass untrusted user input directly to the script:

# UNSAFE - if user_input contains special chars/quotes
./notion_helper.sh create "$db_id" "$user_input"

SAFE - Use proper escaping or JSON libraries:

# SAFE - properly escaped
title=$(echo "$user_input" | jq -Rs '.')
./notion_helper.sh create "$db_id" "$title"

External Dependencies

  • curl — HTTP requests to Notion API
  • jq — JSON parsing and formatting
  • date — Date calculations (macOS/Linux)

All are standard utilities; verify they're available before use.

Important Notes

  • API Version: Always use Notion-Version: 2025-09-03
  • IDs: database_id and data_source_id are different—use the correct one for your operation
  • Permissions: Integration must be invited to pages/databases via Notion UI
  • Rate limit: ~3 requests/second average
  • Untrusted Input: Never pass unsanitized user input to JSON construction
Usage Guidance
This skill looks coherent for Notion API use — it needs curl, jq, and a Notion API key stored at ~/.openclaw/workspace/secrets/notion_api_key.txt. Before installing: (1) ensure the secret file is created with restrictive permissions (chmod 600) and contains only the Notion key; (2) avoid passing untrusted user input directly to the helper script — escape inputs with jq as shown in the docs; (3) be aware the script validates JSON values and IDs but does not validate property names passed to the update command (don’t pass attacker-controlled strings as the property parameter); (4) note the metadata declares an env var NOTION_API_KEY_PATH but the script reads the hardcoded path — if you rely on a different location, verify or adjust the script to read the env var; (5) review the helper script yourself (it's short) and run it in a controlled environment first. These are implementation hygiene items rather than indicators of malicious behavior.
Capability Analysis
Type: OpenClaw Skill Name: notion-2025-api Version: 1.0.1 This skill is designed for legitimate interaction with the Notion API. The `scripts/notion_helper.sh` script and the `SECURITY.md` file clearly indicate that a JSON injection vulnerability *existed* but has been *fixed* by implementing robust input validation and proper JSON escaping using `jq -Rs '.'` and `jq empty`. All network calls target the legitimate Notion API endpoint (`https://api.notion.com/v1/`). The documentation (SKILL.md, README.md) is transparent about API key handling and explicitly warns users about safe input practices. There is no evidence of malicious intent, data exfiltration, persistence mechanisms, or prompt injection attempts against the OpenClaw agent.
Capability Assessment
Purpose & Capability
Name/description match the provided files and code: the SKILL.md, README, API reference, examples, and helper script all implement Notion API operations (query, create, update, add blocks). Required binaries (curl, jq) and a Notion API key are appropriate and proportional for this functionality.
Instruction Scope
Runtime instructions and the bundled script operate only on Notion endpoints and the local secret file. The documentation repeatedly warns about untrusted input and the script validates JSON for values and Notion IDs. However, update_property inserts the property name directly into JSON via string concatenation (the script validates the value JSON but not the property identifier), which could lead to malformed payloads or injection if a caller supplies an attacker-controlled property string. The docs warn users, but the code does not fully validate property names.
Install Mechanism
No install spec (instruction-only with a shipped helper script). No downloads or remote code execution during install. This is low risk from an installation perspective.
Credentials
The skill requests a single credential stored at ~/.openclaw/workspace/secrets/notion_api_key.txt (declared in metadata as NOTION_API_KEY_PATH) which is proportionate. Minor inconsistency: the metadata declares NOTION_API_KEY_PATH but the helper script reads a hardcoded path (~/.openclaw/workspace/secrets/notion_api_key.txt) instead of reading the environment variable; in practice the path matches, but this mismatch between metadata and runtime behavior could matter in environments that expect the skill to honor the env var.
Persistence & Privilege
always:false and no actions that modify other skills or global agent configs. The skill runs on demand or autonomously per platform defaults; it does not request elevated privileges or persistent system changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install notion-2025-api
  3. After installation, invoke the skill by name or use /notion-2025-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Security patch v1.0.1: Fix registry metadata mismatch, JSON injection vulnerability, credential transparency. All input validated/escaped. See SECURITY.md.
v1.0.0
Full support for Notion 2025-09-03 API with database queries and page management
Metadata
Slug notion-2025-api
Version 1.0.1
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Notion 2025 API Skill?

Query, create, and manage Notion databases and pages using the 2025-09-03 API format. Use when: (1) querying or filtering database entries via data_source_id... It is an AI Agent Skill for Claude Code / OpenClaw, with 307 downloads so far.

How do I install Notion 2025 API Skill?

Run "/install notion-2025-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Notion 2025 API Skill free?

Yes, Notion 2025 API Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Notion 2025 API Skill support?

Notion 2025 API Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Notion 2025 API Skill?

It is built and maintained by kai-tw (@kai-tw); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments